Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user or (2) a room, leading to cross-site request forgery (CSRF), cross-site scripting (XSS), or other impacts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pro Chat Rooms sendData.php目录遍历漏洞
Vulnerability Description
Pro Chat Rooms是一款网络在线聊天室程序。 Pro Chat Rooms 3.0.2版本中存在目录遍历漏洞。远程验证用户可以借助原型参数中的一个..,选择一个任意的本地PHP脚本作为一个原型,并通过运行sendData.php发送一条信息至(1)一个个人用户或(2)一个范围的人,引起跨站请求伪造,跨站脚本攻击或其他影响。
CVSS Information
N/A
Vulnerability Type
N/A